They also do a lookup to see if it is a known proxy, plus some 'smart' detection to see if it's a proxy. Plus they check trends and all sorts of other stuff to try to detect abuse. Otherwise, they would all be out of business.
It's quite difficult to get lots of unique IP addresses to register a click from (without open proxies). But yeah, a script running from many different IPs would be the same as a person 'running' from many different IPs. But perhaps they use people 'cause that way they can actually 'hire' IP addresses, rather than the people themselves.
Reminds me of that program ppl used to run which displayed ads and you got paid for it. People would run all sorts of mouse-moving bots to keep the ads running overnight. Nowadays, the spyware crap has replaced that, and the 'victims' get nothing in return.
I figured that's what 'Hot Pocket' is. If not, what the hell is it?
oh... and you saw fit to capitalize 'ONE', placing emphasis on it, as though there was only one.
We are talking about the compiler here... that is essentially the only thing that needs to be optimised per architecture (and the kernel). The ratio of software products which run on x86 or other architectures is irrelevant for both gnu and MS, as they are compiled from a common source, using the optimiser compiler (the piece of software that falls in your "5%").
So the comment about 95% vs 5% having support is just bullshit.
The same could be said for gcc too. If they don't have the resources to develop for what 90% of the population uses, then hey... score 1 for Microsoft. No one using x86 gives a shit that the gcc developers had 5 people trying to optimise for ppc and didn't have time to make their architecture optimised.
Besides, MS have recently added support for Itanium and AMD64, and I assure you they have some of the best people in the business working hard on this stuff - gcc's etc development pales in comparison.
If you have vmware, load up an image and install all the spyware crap they want you to, to download the song. Once you have the song/file, upload it somewhere and reset the image - no harm done.
While that figure is probably a fairly high exaggeration, I guess he is factoring in all costs of testing, not just the verification that a single line is correct.
i.e. perhaps to test a piece of software that is responsible for guiding missiles or whatever, they may have to actually fire a few million dollar missiles. Or they may have to build a test suite or simulation software etc for testing.
Updates on the windows update site are digitally signed. The key being kept very secure and obviously not on the server. The rest of your post is pretty bogus too, but I couldn't be bothered wasting any more time answering.
In the first paragraph he suggests that worms, viruses and popups are somehow the fault of and only restricted to Windows, and using Linux will solve all those problems.
This is not the reason to switch operating systems, it is a reason to use better software, patch your system, have better security practices etc. Articles that start with this proclamation don't warrant reading any further.
Huh? There are millions of local root vulnerabilities under *NIX, unless you can exploit this without first authenticating (eg. entering a very long username - without actually knowing a valid one), this is no different.
The capability and number of local root vulnerabilities under *nix makes me laugh at those who think Windows is more vulnerable to e-mail-borne viruses and trojans. Because in reality, it isn't.
Under Windows, a trojan is less likely to gain admin status and wreck your other accounts or data, because there are so few local exploits. Under Linux etc, a trojan has hundreds of avenues of attack to gain root status and stuff up your system much worse. Share your computer with your mum, she downloads some dodgy attachment, it gains root access and wrecks your account too. doh.
Forgot to mention, it's free, all open source, supports .ogg, has a neat SDK for making use of it, and all the rest of the crap that is important to /. readers despite the fact they'll probably never use it.
check out www.musicbrainz.org, it does exactly that. or read my other post./
MusicBrainz has been using these "TRM"s (essentially track ids) to identify music to correctly add ID3 tags to your music collection for some time.
The more people that use it, the more accurate and complete it becomes. It is basically a free CDDB replacement (the biggest one I think) but kind of works in reverse as well (matches mp3s to their associated CDs).
Kinda cool, check it out.
Think of the player as the smartcard with the private key, and the DVD as the bank with the public key.
Of course the private key was divulged, you have physical access to the player (smartcard), which contains the private key. Not to mention the fact that the player that was compromised was software and easily reverse engineered.
Unless you design some skimmer device which heats up the card and hammers it with radiation and whatnot to try and reveal its contents (no easy task) - the private key will not be divulged.
The smartcard system is very different to the DVD protection scheme - which required a common private key in all players (effectively making it not so private). With smartcards, everyone has their own private key and it's kept private.
Yeah perhaps 0.000...0000000001% of the time, not very good odds when the card is locked after 3 attempts.
A 2048 bit key does not allow much room for guesswork :P - as others have pointed out, this is basic public key crypto with the card doing the processing - if you know some way to fake a response that gives you a reasonable success rate in PKI, the NSA would probably like to have a chat to you.
Even better would be the use of smartcards instead of current cards. The card simply has its own private key, the ATM machines/bank issue a challenge to the card and verify it against the known public key.
The private key is never divulged yet the authenticity of the card is known. There is no way to scam the system other than steal the physical card and know what the pin is. These really need to be adopted soon.
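The challenge-response exchange described in the comment above, as an added Go example that is not part of the original post. Ed25519 stands in for the card's key pair (the comments mention a 2048 bit key but name no algorithm); the Card and Bank types and the card ID are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Card holds its own private key; only Respond ever uses it (hypothetical type).
type Card struct{ priv ed25519.PrivateKey }

// Bank stores public keys only, plus the outstanding challenge per card ID.
type Bank struct {
	pubs    map[string]ed25519.PublicKey
	pending map[string][]byte
}

func NewBank() *Bank { return &Bank{map[string]ed25519.PublicKey{}, map[string][]byte{}} }

// Issue gives each card its own key pair and enrols the public half.
func (b *Bank) Issue(id string) *Card {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no entropy source: no card can be issued
	}
	b.pubs[id] = pub
	return &Card{priv}
}

// Challenge returns a fresh random nonce, so an old response never matches.
func (b *Bank) Challenge(id string) ([]byte, error) {
	if _, ok := b.pubs[id]; !ok {
		return nil, fmt.Errorf("unknown card %q", id)
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	b.pending[id] = nonce
	return nonce, nil
}

// Respond signs the challenge on the card; the private key is never sent.
func (c *Card) Respond(challenge []byte) []byte { return ed25519.Sign(c.priv, challenge) }

// Verify checks the response with the enrolled public key; a challenge is single-use.
func (b *Bank) Verify(id string, resp []byte) bool {
	nonce, ok := b.pending[id]
	delete(b.pending, id)
	return ok && ed25519.Verify(b.pubs[id], nonce, resp)
}

func main() {
	bank := NewBank()
	card := bank.Issue("card-1") // constructed sample card ID
	ch, err := bank.Challenge("card-1")
	fmt.Println("genuine card accepted:", err == nil && bank.Verify("card-1", card.Respond(ch)))
}
```

A recorded response fails against the next challenge, and a card carrying any other key fails outright, which is the difference from the shared player key in the DVD scheme.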
And here I sit with a Windows XP box and the idle process is using 99% of CPU - ie, the OS isn't using basically no CPU. And when just sitting around waiting for me to type, why should it?
For X to use 7% CPU is just ludicrous in my mind. It is hardly surprising that a bloody mpeg decoder is using more CPU than a windowing system (probably in idle) - hell most mpeg decoders can't even run in real time on slower CPUs. Comparing the two is just stupid.
This may or may not be the same vulnerability, but it does highlight what I think many in 'the business' already suspect.
Who's to say this bug wasn't found by trial and error / blackbox testing (like 99% are, even with open source), and then going into the code to find the offending code snippet? As a person who has had a variety of Microsoft security bulletins credited to my name, I would say this is the more likely scenario.
From bugcheck.c, the code which makes the screen blue...
if (InbvIsBootDriverInstalled()) {
    InbvAcquireDisplayOwnership();
    InbvResetDisplay();
    InbvSolidColorFill(0,0,639,479,4); // make the screen blue
    InbvSetTextColor(15);
    InbvInstallDisplayStringFilter((INBV_DISPLAY_STRING_FILTER)NULL);
    InbvEnableDisplayString(TRUE); // enable display string
    InbvSetScrollRegion(0,0,639,479); // set to use entire screen
}
The virus was cleaned from the comp (ie zeroed the eml files), but the backdoor (file sharing) remained. Most AV software don't remove backdoors after cleaning a virus.
By the looks of all the empty .eml files, the source was obviously stolen from a guy hit by the nimda virus.
Empty .eml files are a typical indication of a computer that was infected by nimda then cleaned. Unfortunately, this guy forgot to disable sharing of his shares after cleaning up.
Some early screenshots of the game that will no longer be. Looks pretty good, nothing fancy, but of course there is much more to a game than just the visuals.
Yeah, but what is the quality of the fixes from OSS? I am sceptical of a fix that is done in a matter of hours - how likely is it that the fix has been tested with every possible hardware/software configuration? For this particular bug, there is a hell of a lot of dependencies on the ASN.1 library, this requires a lot of testing.
Although 6 months is too long, at least I am more sure they have tested the fix properly. At the moment OSS style fixes are done quickly because they aren't tested very well, and there is not much component re-use (which is a bad thing) in OSS.
Err... most firewalls prevent incoming connections, not outgoing. In fact, they would be ideal for a DDOS attack, as they could attack without being 'attacked' back.
MyDoom.B will catch DoomJuice with a 100% infection ratio.
That is unlikely due to the fact that .b and .a were propagated through e-mail as a .zip. Most organisations and ISPs use firewalls which would prevent the spread of .c to those who caught .a and .b behind their firewall.
And why wouldn't the guy at sears be considered a 'tool'? He is a 'device' _used_ for finding the information you want.
The same as a metal detector or store directory leaflet - these are tools used for information retrieval.